Critical Alert: Fortinet Highlights New FortiManager Flaw Utilized in Latest Zero-Day Attacks
Fortinet Warns of New Critical FortiManager Flaw Used in Zero-Day Attacks
In a statement released today, cybersecurity giant Fortinet has publicly disclosed a critical vulnerability in its FortiManager API system.
This vulnerability, tracked as CVE-2024-47575, is causing waves in the cybersecurity community as it has been exploited in zero-day attacks to access and exfiltrate sensitive files.
These include configurations, IP addresses, and credentials for managed devices.
An Unsettling Discovery
Researchers discovered that malevolent actors could manipulate an API endpoint in the FortiManager system, enabling them to bypass security measures and access highly confidential information.
This constitutes a significant escalation in the level of threats posed by software flaws and raises concerns about data integrity in organizations using Fortinet’s solutions.
A Critical Classification
The Common Vulnerability Scoring System (CVSS), an industry standard for assessing the severity of computer system security vulnerabilities, has assigned the CVE-2024-47575 an alarming 9.4 out of 10 — an explicit indication of its critical severity.
The Response
Fortinet acted promptly to mitigate the issue.
The software patch released to address this flaw (FortiManager version 7.0.1), inhibits any unauthorized individual’s ability to access the data.
Fortinet advises users running older versions of the software to update immediately to the latest patched versions to safeguard their systems.
Advice for Prevention
While Fortinet took a significant first step in releasing the patch, cybersecurity professionals advise further steps for maximum security.
The timely application of updates and patches, coupled with enhancing endpoint security, and strict control of user permissions, can vastly reduce the risk of future exploitation.
Historical Relevance
This is not the first time Fortinet has been targeted.
Similar zero-day attacks took place last year involving the FortiGate SSL VPN product.
Proactive actions, such as routine audits of system permissions, continuous monitoring, and swift incident response played a critical role in preventing widespread damage.